Classic tech archive.
From the original averyjparker.com tech blog — historical context; pair with modern guides where noted.
Full archive · Maker projects ·
Network Ninja
Classic tip · Classic
Lynx web browser vulnerability
Incidents.org is reporting on an advisory for users of lynx. For those of you that don't know lynx, it is a text based web browser used in text only terminal environments. I've used lynx from time to…
Incidents.org is reporting on an advisory for users of lynx. For those of you that don't know lynx, it is a text based web browser used in text only terminal environments. I've used lynx from time to time to see what websites look like to a text only reader to help design towards better accessibility. Anyway, the three of you using it to browse the web with need to upgrade... (please, it's a joke...)
The vulnerability is described at idefense.com. It appears that a new development version of lynx has been released which fixes the problem. (Development version 2.8.6dev.15)
The problem is found in 2.8.5 and earlier versions of lynx. A workaround is suggested as follows.
Disable "lynxcgi" links by specifying the following directive in lynx.cfg: TRUSTED_LYNXCGI:noneJoke above aside, lynx can be a useful, quick browser. I've used it many times in a script that evaluates content on a web page. (Say, testing to see if a page has the expected text on it.) (Maybe next time I'll get into the vi/emacs holy wars....)